Privacy Policy

Last Updated: October 28, 2025

1. Data Controller

The Data Controller of this website is Sotschi, operated by Lorik Thaqi (P.IVA 03280090212). You can contact the Controller regarding data protection at: contact@sotschiofficial.com.

2. Types of Data Processed

  • Contact data voluntarily provided by the user (e.g., name, surname, email, phone prefix/number, client type, service type, message). Contact forms are shown only on pages under the /sotschi_design/ and /sotschi_music/ sections.
  • Browsing/technical data automatically collected by server logs for security and performance (e.g., IP address, date/time, user agent, pages visited, referrer).
  • Anti-spam/abuse protection data collected via Google reCAPTCHA v3 on contact forms (e.g., device and interaction metadata used to assess whether a request is human). reCAPTCHA may set cookies and read device signals strictly for security.
  • Third-party asset delivery data when loading frontend libraries and icons from a Content Delivery Network (e.g., request IP, user agent) that are necessary to deliver the files (e.g., Font Awesome via cdnjs).
  • Cookies strictly necessary for operation and security; any non-essential/analytics cookies (if used) are loaded only with consent. See the Cookie Policy.

3. Purposes and Legal Bases

  • Site functionality, performance, and security (fixed navigation, smooth scrolling, section highlighting, CSRF/anti-bot, rate limiting, asset delivery) — Legitimate interest (Art. 6(1)(f) GDPR).
  • Replying to requests sent through contact forms (including pre-contractual steps) — Contract or pre-contractual measures (Art. 6(1)(b) GDPR).
  • Anti-spam and abuse prevention (reCAPTCHA v3 on form submit) — Legitimate interest (Art. 6(1)(f) GDPR).
  • Analytics or similar measurements (if enabled) — Consent (Art. 6(1)(a) GDPR). These tools are not loaded without your consent.
  • Compliance (e.g., handling legal requests, enforcing rights) — Legal obligation (Art. 6(1)(c) GDPR) or Legitimate interest (Art. 6(1)(f)).

4. Data Recipients

Data may be processed by service providers acting as data processors pursuant to Art. 28 GDPR, including:

  • Hosting and infrastructure (site, databases, logs).
  • Email delivery for replies to your requests.
  • Security/anti-spam (Google reCAPTCHA v3) to protect forms against automated abuse.
  • CDN/asset delivery (e.g., cdnjs/Font Awesome) to serve static files efficiently and securely.

We do not sell your data or share it for independent marketing purposes.

5. Data Transfers Outside the EU

When a provider is located outside the EEA (for example, Google for reCAPTCHA or some CDN endpoints), transfers occur under appropriate safeguards such as an adequacy decision (e.g., EU-U.S. Data Privacy Framework, where applicable) and/or the European Commission’s Standard Contractual Clauses (SCCs) with supplementary measures.

6. Data Retention

  • Contact requests: up to 24 months after the last interaction, unless needed longer to handle a project or legal matters.
  • Server logs: typically 30–180 days for security and maintenance.
  • Anti-spam signals (reCAPTCHA): processed by Google as per their policies; we do not store reCAPTCHA scores ourselves.
  • Analytics (if enabled): per tool settings (commonly 14–26 months) before deletion or anonymization.

7. Your Rights

You may request access, rectification, erasure, restriction, or portability of your personal data, and object to processing where applicable. If processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal. To exercise your rights, write to contact@sotschiofficial.com.

8. Complaints

You can lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), garanteprivacy.it.

9. Automated Decisions

No automated decision-making or profiling is carried out.

10. Updates

This policy may be updated to reflect legal or technical changes. The most recent version will always be available on this page.

11. Third-Party Services Used on This Site

  • Google reCAPTCHA v3 (security on contact forms). The service evaluates interactions to prevent abuse and may use cookies and device/interaction data. Use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Service.
  • Content Delivery Networks (e.g., cdnjs/Font Awesome) to deliver static resources (icons, scripts). The CDN receives your IP address and user agent to serve files and protect the network. We use CDNs for performance, reliability, and security; no marketing profiles are created by us from this.
  • Social links (e.g., Instagram, Threads, Facebook) are simple outbound links. No embedded social widgets are loaded unless you click a link and leave our site.

12. Cookies & Similar Technologies

We use essential cookies and similar technologies for security and functionality (e.g., reCAPTCHA, session management). Any non-essential/analytics cookies (if adopted) are used only with your consent and can be managed via the preferences tool described in the Cookie Policy.

13. Security Measures

  • Transport security via HTTPS.
  • Form protections: honeypot field, timestamp checks, Google reCAPTCHA v3, and server-side validation.
  • Operational safeguards: access control, monitoring via logs, selective rate-limiting/firewalling where appropriate.
  • Client-side scripts used for navigation/UI (e.g., scroll effects, section highlighting) do not transmit personal data to us.